15 | | Does your server allow plain text FTP access? What's your policy on receiving cease-and-desist letters? Do have I have full secure shell access? |
| 15 | Does your server allow plain text FTP access? |
| 16 | |
| 17 | FTP is "File Transfer Protocol" and it's the way you get your files (or web pages) into your website for people to see on their browsers. Seeing a page is a fairly safe thing: you see it and there's not a whole lot you can do with it. But uploading a page is quite another matter: if someone uploads a malicious file, it can literally eat up the other web pages on your website or display information you don't want or, even worse, get into the rest of your directory and destroy it. If the provider's server is not properly secure, such a file can destroy everyone else's data. |
| 18 | |
| 19 | FTP access is insecure because it travels over channels (called "Ports") that allow it to be read as it's being transferred and because it doesn't provide a lot of protection while you're in your directory. A person with proper programs can eavesdrop the entire session, log it and do all kinds of information robbery to be used in exploiting your files. |
| 20 | |
| 21 | Everyone should use Secure File Transfer Protocol. SFTP is less common than FTP and there are fewer programs that you can use to do an sftp session. So many activists are used to FTP and wonder why they should be using the alternative. |
| 22 | Basically, it's because your data is critically important to you and to the rest of us: because you're part of our movement. |
| 23 | |
| 24 | There are SFTP programs for every computer platform. You should insist that your provider only allows sftp. If the answer's no, do not use that provider. |
| 25 | |
| 26 | What's your policy on receiving cease-and-desist letters? Do have I have full secure shell access? |